40447 matches found
The vulnerability of the Booco business automation platform, related to insufficient protection of operational data, allows a perpetrator to gain unauthorized access to the system and compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the Booco business automation platform is related to insufficient protection of operational data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to the system and compromise the confidentiality, integrity, and...
The vulnerability of the DHCP Server Service for Windows operating systems allows a perpetrator to cause a service failure.
The vulnerability of the DHCP Server Service for Windows operating systems is related to a violation of data protection mechanisms. Exploiting this vulnerability can allow an attacker, operating remotely, to cause service failures...
Linux kernel Security Vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from inadequate RCU protection and could lead to read after release...
LS Electric GMWin 4
RISK EVALUATION: Successful exploitation of these vulnerabilities could allow an attacker to disclose information or execute arbitrary code. 2. RECOMMENDED PRACTICES: CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize...
Wyse Management Suite WMS Information Disclosure Vulnerability
Wyse Management Suite WMS is a cloud and local management platform from Dell, Inc. It is used to centrally manage Wyse lightweight endpoint devices and supports remote configuration, firmware updates, security policy management and other features. An information disclosure vulnerability exists in...
Trend Micro Apex One Code Issue Vulnerability
Trend Micro Apex One is an endpoint protection software from Trend Micro. A security vulnerability exists in Trend Micro Apex One that stems from an uncontrolled search path that could lead to local elevation of privilege...
The vulnerability of the IBM Storage Protect data protection software platform for virtual environments lies in its authentication mechanisms’ deficiencies, which allow attackers to circumvent existing security restrictions.
The vulnerability of the IBM Storage Protect data protection software for virtual environments is related to deficiencies in the authentication mechanism. Exploiting this vulnerability allows a malicious actor to circumvent existing security restrictions from a remote location...
The vulnerability of the implementation of the WOPI protocol for the ONLYOFFICE Docs office online package allows a perpetrator to carry out cross-site scripting attacks.
The vulnerability of the WOPI protocol implementation in the ONLYOFFICE Docs online package DocumentServer is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks by sending specially...
SUSE-SU-2025:01487-1 Security update for java-11-openjdk
This update for java-11-openjdk fixes the following issues: Upgrade to upstream tag jdk-11.0.27+6 (April 2025 CPU). CVEs: CVE-2025-21587: Fixed JSSE unauthorized access, deletion or modification of critical data (bsc#1241274); CVE-2025-30691: Fixed Oracle Java SE Compiler Unauthorized Data Access...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: openvswitch: Use RCU protection in ovs_vport_cmd_fill_info(). ovs_vport_cmd_fill_info() can be called without RTNL or RCU. Use RCU protection and dev_net_rcu() to avoid potential UAF (use-after-free) errors...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: wifi: rtw89: Fixed a race condition between cancel_hw_scan and hw_scan completion. The rtwdev->scanning flag was not originally protected by a mutex. As a result, cancel_hw_scan could pass the condition, but suddenly hw_scan completion...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Acquiring SRCU in KVM_GET_MP_STATE to protect guest memory accesses. Acquiring a lock on kvm->srcu when userspace is obtaining the MP state can lead to a severe edge case where processing APIC events, such as during pending...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: vxlan: Check the return value of vxlan_vnigroup_init(). vxlan_init() must check the success of vxlan_vnigroup_init(). Otherwise, a crash may occur later, as detected by syzbot. Oops: General protection fault. This likely relates to a...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: USB: Type-C: Fix for NULL pointer access. Concurrent calls to typec_partner_unlink_device() can lead to a NULL pointer dereference. This patch adds a mutex to protect USB device pointers and prevent this issue. The same mutex also...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: ndisc: Extended RCU protection has been added to ndisc_send_skb(). The ndisc_send_skb() function can be called without holding RTNL or RCU. The rcu_read_lock() function must be acquired earlier, so that we can use dev_net_rcu(), and potential...
How to Protect Yourself From Phone Searches at the US Border
Customs and Border Protection has broad authority to search travelers’ devices when they cross into the United States. Here’s what you can do to protect your digital life while at the US border...
The vulnerability of the commercial vBulletin web forum, related to improper protection of the alternative path, allows a hacker to execute arbitrary code.
The vulnerability of the commercial vBulletin web forum is related to improper protection of an alternative path. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
TencentOS Server 3: curl (TSSA-2022:0142)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0142 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
The vulnerability of the IDE Assets component in the Xcode development environment allows a hacker to gain unauthorized access to protected information.
The vulnerability of the IDE Assets component in the Xcode development environment is related to insufficient protection of sensitive data. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...
The vulnerability of the vBulletin commercial web forum, related to improper protection of the alternative path, allows attackers to bypass existing security restrictions and execute arbitrary code.
The vulnerability of the commercial vBulletin web forum is related to improper protection of an alternative path. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions and execute arbitrary code...