715 matches found
dotnet: ASP.NET Core Callbacks outside of locks cause Kestrel deadlock when using HTTP2
A flaw was found in dotnet. Running callbacks outside of locks results in a Kestrel deadlock when using HTTP2. The highest threat from this vulnerability is to system availability...
Laser-Based Hacking from Afar Goes Beyond Amazon Alexa
Imagine someone hacking into an Amazon Alexa device using a laser beam and then doing some online shopping using that person's account. This is a scenario presented by a group of researchers who are exploring why digital home assistants and other sensing systems that use sound commands to perform...
CVE-2018-20803 Infinite loop in aggregation expression
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which loop indefinitely in mathematics processing while retaining locks. This issue affects MongoDB Server v4.0 versions prior to 4.0.5; MongoDB Server v3.6 versions prior to 3.6.10...
CVE-2018-20803
Removed by vendor...
PT-2020-8674 · Mongodb · Mongodb Server +1
Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 4.0.5; MongoDB Server versions prior to 3.6.10; MongoDB Server versions prior to 3.4.19. Description: A user authorized to perform database queries may trigger denial of service by issuing specially crafted...
MongoDB Input Validation Error Vulnerability
MongoDB Server is an open source NoSQL database from the United States company MongoDB. The database provides collection-oriented storage, dynamic queries, data replication, automatic failover and other functions. An input validation error vulnerability exists in the MongoDB Server version,...
Google makes app to lock devices if users default on payment
By Sudais Asif. Google has released an app that aims at locking the devices of users who default on their smartphone financing payments. This is a post from HackRead.com. Read the original post: Google makes app to lock devices if users default on payment...
idm:DL1 bug fix update
AlmaLinux Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Bug Fixes: nsslapd-db-locks patching no longer works (BZ1882472)...
ALBA-2020:4857 idm:DL1 bug fix update
AlmaLinux Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Bug Fixes: nsslapd-db-locks patching no longer works (BZ1882472)...
CVE-2020-15530
An issue was discovered in Valve Steam Client 2.10.91.91. The installer allows local users to gain NT AUTHORITY\SYSTEM privileges because some parts of %PROGRAMFILES(X86)%\Steam and/or %COMMONPROGRAMFILES(X86)%\Steam have weak permissions during a critical time window. An attacker can make this time...
CVE-2020-15529
An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation of privileges is possible when a user installs a game or performs a verify/repair operation. The issue exists because of weak file permissions and can be exploited by using opportunistic locks...
Design/Logic Flaw
An issue was discovered in Valve Steam Client 2.10.91.91. The installer allows local users to gain NT AUTHORITY\SYSTEM privileges because some parts of %PROGRAMFILES(X86)%\Steam and/or %COMMONPROGRAMFILES(X86)%\Steam have weak permissions during a critical time window. An attacker can make this time...
Design/Logic Flaw
An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation of privileges is possible when a user installs a game or performs a verify/repair operation. The issue exists because of weak file permissions and can be exploited by using opportunistic locks...
CVE-2020-15530
Valve Steam Client 2.10.91.91 is affected by a local privilege-escalation issue in the installer. The vulnerability arises from weak permissions in parts of %PROGRAMFILES(X86)%\Steam and/or %COMMONPROGRAMFILES(X86)%\Steam during a critical time window, which an attacker can extend using opportuni...
bitcoind/Bitcoin-Qt/wxBitcoin Resource Management Errors
Bitcoin is an electronic currency created with open source P2P software. A vulnerability exists in bitcoind, Bitcoin-Qt and wxBitcoin, which stems from the program not taking into account that block sizes may require more database locks. A remote attacker could exploit the vulnerability by...