
715 matches found

Schneier on Security
added 2022/05/20 11:2 a.m. | 19 views

Bluetooth Flaw Allows Remote Unlocking of Digital Locks

Locks that use Bluetooth Low Energy to authenticate keys are vulnerable to remote unlocking. The research focused on Teslas, but the exploit is generalizable. In a video shared with Reuters, NCC Group researcher Sultan Qasim Khan was able to open and then drive a Tesla using a small relay device...

1.1 AI score
Exploits: 0
Github Security Blog
added 2022/05/17 3:51 a.m. | 9 views

Jenkins Exclusion Plugin allows Access to Resource Locks

The Exclusion plugin before 0.9 for Jenkins does not properly prevent access to resource locks, which allows remote authenticated users to list and release resources via unspecified vectors...

5.5 CVSS | 6.4 AI score | 0.01147 EPSS
Exploits: 0 | References: 5 | Affected Software: 1
OSV
added 2022/05/17 3:51 a.m. | 4 views

GHSA-2Q8V-439J-6P77 Jenkins Exclusion Plugin allows Access to Resource Locks

The Exclusion plugin before 0.9 for Jenkins does not properly prevent access to resource locks, which allows remote authenticated users to list and release resources via unspecified vectors...

5.3 CVSS | 6.4 AI score | 0.01147 EPSS
Exploits: 0 | References: 5
Prion
added 2022/04/07 5:15 p.m. | 21 views

Denial of service

A Denial of Service vulnerability exists in CORTX-S3 Server as of 11/7/2021 via the mempooldestroy method due to a failure to release locks pool-lock...

5 CVSS | 7.4 AI score | 0.00905 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
OSV
added 2022/02/17 7:40 a.m. | 9 views

SUSE-SU-2022:0045-2 Security update for libvirt

This update for libvirt fixes the following issues: - CVE-2021-4147: libxl: Fix libvirtd deadlocks and segfaults. bsc1194041 - CVE-2021-3975: Add missing lock in qemuProcessHandleMonitorEOF. bsc1192876...

6.5 CVSS | 6.6 AI score | 0.01217 EPSS
Exploits: 0 | References: 9
RedhatCVE
added 2022/02/02 3:33 p.m. | 51 views

CVE-2022-0480

A flaw was found in the filelockinit in fs/locks.c function in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interface (POSIX) file locks. Mitigation: Mitigation for this issue is either not available or the currentl...

5.5 CVSS | 0.8 AI score | 0.00275 EPSS
Exploits: 0 | References: 5
OSV
added 2022/01/10 2:10 p.m. | 5 views

CVE-2020-9059

Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level...

6.5 CVSS | 5.8 AI score | 0.00846 EPSS
Exploits: 0 | References: 5
OSV
added 2022/01/04 7:15 p.m. | 25 views

CVE-2021-41141

PJSIP is a free and open source multimedia communication library written in the C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In various parts of PJSIP, when error/failure occurs, it is found that the function returns without releasing the currently...

7.5 CVSS | 1.8 AI score
Exploits: 0 | References: 4
OSV
added 2022/01/04 7:15 p.m. | 1 views

UBUNTU-CVE-2021-41141

PJSIP is a free and open source multimedia communication library written in the C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In various parts of PJSIP, when error/failure occurs, it is found that the function returns without releasing the currently...

7.5 CVSS | 5.7 AI score | 0.01367 EPSS
Exploits: 0 | References: 4
CNNVD
added 2022/01/04 12:0 a.m. | 5 views

PJSIP Security Vulnerability

PJSIP is a free and open source multimedia communication library written in C that implements standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. PJSIP suffers from a security vulnerability in various parts of PJSIP when error/failure occurs, it is found that the function return...

7.8 CVSS | 7.1 AI score | 0.01367 EPSS
Exploits: 0 | References: 8
Virtuozzo
added 2021/12/01 12:0 a.m. | 21 views

Kernel update: Virtuozzo ReadyKernel patch 136.0 for Virtuozzo Hybrid Server 7.0, 7.5

The cumulative Virtuozzo ReadyKernel patch was updated with a stability fix. The patch applies to all supported kernels of Virtuozzo Hybrid Server 7. Vulnerability id: PSBM-134905 3.10.0-1062.12.1.vz7.131.10 to 3.10.0-1160.41.1.vz7.183.5 nfsd: memory corruption and kernel crash in nfsd4lock. It w...

1.1 AI score
Exploits: 0 | References: 6
OSV
added 2021/10/01 11:15 p.m. | 3 views

CVE-2021-41847

An issue was discovered in 3xLogic Infinias Access Control through 6.7.10708.0, affecting physical security. Users with login credentials assigned to a specific zone can send modified HTTP GET and POST requests, allowing them to view user data such as personal information and Prox card credential...

8.8 CVSS | 5.8 AI score | 0.01512 EPSS
Exploits: 1 | References: 3
Prion
added 2021/10/01 11:15 p.m. | 19 views

Information disclosure

An issue was discovered in 3xLogic Infinias Access Control through 6.7.10708.0, affecting physical security. Users with login credentials assigned to a specific zone can send modified HTTP GET and POST requests, allowing them to view user data such as personal information and Prox card credential...

6.5 CVSS | 8.3 AI score | 0.01512 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
Cvelist
added 2021/10/01 10:25 p.m. | 22 views

CVE-2021-41847

An issue was discovered in 3xLogic Infinias Access Control through 6.7.10708.0, affecting physical security. Users with login credentials assigned to a specific zone can send modified HTTP GET and POST requests, allowing them to view user data such as personal information and Prox card credential...

8.6 AI score | 0.01512 EPSS
Exploits: 1 | References: 3
OSV
added 2021/08/05 4:57 p.m. | 1 views

GHSA-7F92-RR6W-CQ64 Storage corruption due to variables overwritten by re-entrancy locks

Background: When attempting to use the v0.2.14 release, @pandadefi discovered an issue using the @nonreentrant decorator. Impact: Reentrancy protection storage slots get allocated to the same slots as storage variables, leading to the corruption of storage variables when using the @nonreentrant...

5.9 AI score
Exploits: 0 | References: 3
Positive Technologies
added 2021/04/26 12:0 a.m. | 5 views

PT-2021-8254 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue is related to a deadlock in the Linux kernel, specifically in the cdnsp thread irq handler function. The root cause is the use of spin lock and spin unlock instructions inste...

5.5 CVSS | 6.5 AI score | 0.00147 EPSS
Exploits: 0 | References: 12
OSV
added 2021/03/25 6:19 p.m. | 3 views

SUSE-SU-2021:0956-1 Security update for libzypp, zypper

This update for libzypp, zypper fixes the following issues: Update zypper to version 1.14.43: - doc: give more details about creating versioned package locks bsc1181622 - man: Document synonymously used patch categories bsc1179847 - Fix source-download commands help bsc1180663 - man: Recommend to...

4 CVSS | 4 AI score | 0.00337 EPSS
Exploits: 0 | References: 21
CNNVD
added 2021/01/26 12:0 a.m. | 6 views

Cpanel Security Breach

Cpanel is a Web-based automated colocation platform from Cpanel, Inc. in the United States. The platform is primarily used to automate the management of websites and servers. A security vulnerability exists in cPanel 92.0.9, which stems from a program that allows resellers to bypass...

7.5 CVSS | 7.1 AI score | 0.00919 EPSS
Exploits: 0 | References: 2
RedHat Linux
added 2021/01/13 3:3 p.m. | 2 views

dotnet: ASP.NET Core Callbacks outside of locks cause Kestrel deadlock when using HTTP2

A flaw was found in dotnet. Running callbacks outside of locks results in Kestrel deadlock using HTTP2. The highest threat from this vulnerability is to system availability...

7.5 CVSS | 5.7 AI score | 0.04908 EPSS
Exploits: 0 | References: 6
RedHat Linux
added 2021/01/13 3:3 p.m. | 6 views

dotnet: ASP.NET Core Callbacks outside of locks cause Kestrel deadlock when using HTTP2

A flaw was found in dotnet. Running callbacks outside of locks results in Kestrel deadlock using HTTP2. The highest threat from this vulnerability is to system availability...

7.5 CVSS | 5.7 AI score | 0.04908 EPSS
Exploits: 0 | References: 6