GNU C Library Code Issue Vulnerability
The GNU C Library (glibc, libc6) is an open-source, free C language compiler released under the LGPL license. A security vulnerability exists in librt in the GNU C Library (aka glibc) version 2.34 and earlier, which stems from sysdeps/unix/sysv/linux/mq_notify.c incorrectly handling certain...
WordPress Ad Blocker Notify Lite plugin <= 2.4.0 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by iohex and WPScanTeam in WordPress Ad Blocker Notify Lite plugin versions <= 2.4.0. Solution (2021-08-25): no patched version is available. Deactivate and delete...
CVE-2020-18170
An issue in the SeChangeNotifyPrivilege component of Abloy Key Manager Version 7.14301.0.0 allows attackers to escalate privileges via a change in permissions...
The vulnerability of the wsrep_notify_cmd modification in the MariaDB database, which stems from the lack of measures to sanitize input data, allows attackers to access confidential information or cause service failures.
The vulnerability of the wsrep_notify_cmd modification in the MariaDB database is related to the lack of measures for cleaning input data. Exploiting this vulnerability can allow a malicious actor to gain access to confidential information or cause service failures...
UVI-2021-1000828 bonding: init notify_work earlier to avoid uninitialized use
bonding: init notify_work earlier to avoid uninitialized use. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.4.273 by commit...
GSD-2021-1000749 net: caif: fix memory leak in caif_device_notify
net: caif: fix memory leak in caif_device_notify. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.125 by commit...
OPENSUSE-SU-2021:0899-1 Security update for salt
This update for salt fixes the following issues: Update to Salt release version 3002.2 jscECO-3212, jscSLE-18033, jscSLE-18028 - Check if dpkgnotify is executable bsc1186674 - Drop support for Python2. Obsoletes python2-salt package jscSLE-18028 - virt module updates network: handle missing ipv4...
CVE-2021-0477
In notifyScreenshotError of ScreenshotNotificationsController.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Version...
SUSE: Security Advisory (SUSE-SU-2013:1668-1)
The remote host is missing an update for the...
reg-notify-github-plugin (>=0.0.18 <=0.0.20) potentially affected by CVE-2021-32673 via reg-keygen-git-hash-plugin (>=0.0.17 <=0.0.19)
reg-keygen-git-hash-plugin NPM version =0.0.17, =0.0.18, =0.0.20 Source cves: CVE-2021-32673 Source advisory: OSV:GHSA-49Q3-8867-5WMP...
PT-2024-11174 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A memory leak issue has been resolved in the Linux kernel. The problem occurs when caif_enroll_dev fails, and the allocated link support is not assigned to the corresponding structure...
UBUNTU-CVE-2021-33574
The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly...
PT-2021-5558 · Gnu +7 · Glibc +7
Name of the Vulnerable Software and Affected Versions: glibc versions 2.32 and 2.33. Description: The issue is related to the mq_notify function in the GNU C Library, which has a use-after-free problem. This occurs when the function uses the notification thread attributes object, passed through it...
SUSE-SU-2021:1648-1 Security update for xen
This update for xen fixes the following issues: Security issue fixed: - CVE-2021-28689: Fixed some x86 speculative vulnerabilities with bare non-shim 32-bit PV guests XSA-370 bsc1185104 - Make sure xencommons is in a format as expected by fillup. bsc1185682 Each comment needs to be followed by an...
samba: Missing handle permissions check in SMB1/2/3 ChangeNotify
A flaw was found in the way Samba handled file and directory permissions. This flaw allows an authenticated user to gain access to certain file and directory information, which otherwise would be unavailable. The highest threat from this vulnerability is to confidentiality...
SUSE SLES12 Security Update : xen (SUSE-SU-2021:1580-1)
This update for xen fixes the following issues : A recent systemd update caused a regression in 'xenstored.service' systemd now fails to track units that use systemd-notify. bsc1183790 Add a fix to delay between the call to 'systemd-notify' and the final exit of the wrapper script. bsc1185021,...
SUSE-SU-2021:1580-1 Security update for xen
This update for xen fixes the following issues: - A recent systemd update caused a regression in 'xenstored.service' systemd now fails to track units that use systemd-notify. bsc1183790 - Add a fix to delay between the call to 'systemd-notify' and the final exit of the wrapper script. bsc1185021,...
USN-4931-1 samba vulnerabilities
Steven French discovered that Samba incorrectly handled ChangeNotify permissions. A remote attacker could possibly use this issue to obtain file name information. CVE-2020-14318 Bas Alberts discovered that Samba incorrectly handled certain winbind requests. A remote attacker could possibly use th...
PT-2021-21280 · Signalwire +1 · Freeswitch +1
Name of the Vulnerable Software and Affected Versions: SignalWire freeswitch versions prior to 1.10.6. Description: An issue was discovered in the function sofia_handle_sip_i_notify in sofia.c, which may allow attackers to view sensitive information due to an uninitialized value. Recommendations:...