CVE-2007-4774
The Linux kernel before 2.4.36-rc1 has a race condition. It was possible to bypass systrace policies by flooding the ptraced process with SIGCONT signals, which can wake up a PTRACED process...
GHSA-HVMF-R92R-27HR Django allows unintended model editing
Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be presented with an editing UI, allowing POST requests,...
FreeBSD : Django -- multiple vulnerabilities (4e3fa78b-1577-11ea-b66e-080027bdabe8)
Django release reports : CVE-2019-19118: Privilege escalation in the Django admin. Since Django 2.1, a Django model admin displaying a parent model with related model inlines, where the user has view-only permissions to a parent model but edit permissions to the inline model, would display a...
DEBIAN-CVE-2019-19118
Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be presented with an editing UI, allowing POST requests,...
PYSEC-2019-85
Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be presented with an editing UI, allowing POST requests,...
PYSEC-2019-15
Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be presented with an editing UI, allowing POST requests,...
PT-2019-15772 · Django Software Foundation +1 · Django +1
Name of the Vulnerable Software and Affected Versions: Django versions 2.1 through 2.1.14; Django versions 2.2 through 2.2.7. Description: The issue allows unintended model editing in certain configurations. When a Django model admin displays inline related models and the user has view-only...
Memory Leaks
socket.io-adapter is vulnerable to a memory leak. This occurs because the function Adapter.prototype.del in index.js leaves a room without properly validating the closure of a socket, allowing an attacker to trigger memory leaks by sending the leave signals...
Microsoft’s 4 principles for an effective security operations center
The Microsoft Cyber Defense Operations Center (CDOC) fields trillions of security signals every day. How do we identify and respond to the right threats? One thing that won’t surprise you: we leverage artificial intelligence (AI), machine learning, and automation to narrow the focus. But technology i...
Walk/Don't Walk: Secure, Intelligent Application Access with Enhanced Security Signals
Digital business transformation has meant a continued shift in the way organizations think about secure access. The focus on security has moved away from data centers and toward users. Workforce productivity, flexibility, and application performance are driving the demand to give users...
CVE-2018-21008
A use-after-free flaw was found in the Linux kernel's Redpine Signals driver implementation. A local attacker who is able to force a module load rsisdio or usb plug/unplug could cause a system crash or memory corruption leading to privilege escalation. The highest threat from this vulnerability is t...
[SECURITY] Fedora 31 Update: libtevent-0.10.1-1.fc31
Tevent is an event system based on the talloc memory management library. Tevent has support for many event types, including timers, signals, and the classic file descriptor events. Tevent also provides helpers to deal with asynchronous code providing the teventreq Tevent Request functions...
USN-4116-1 linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
It was discovered that a use-after-free error existed in the block layer subsystem of the Linux kernel when certain failure conditions occurred. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-20856) Amit Klein and Ben...
USN-4114-1 linux, linux-azure, linux-gcp, linux-gke-5.0, linux-hwe, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
Amit Klein and Benny Pinkas discovered that the Linux kernel did not sufficiently randomize IP ID values generated for connectionless networking protocols. A remote attacker could use this to track particular Linux devices. (CVE-2019-10638) Praveen Pandey discovered that the Linux kernel did not...
Executing on the vision of Microsoft Threat Protection
Over the last several months, we’ve provided regular updates on the rapid progress we’re making with Microsoft Threat Protection, which enables your organization to: Protect your assets with identity-driven security and powerful conditional access policies which ensure your assets are secured fro...
Siemens SIPLUS IM153-2 BA02 Interface Module Detection
Binary data 750348.prm...
CVE-2019-9860
Due to unencrypted signal communication and predictability of rolling codes, an attacker can "desynchronize" an ABUS Secvest wireless remote control FUBE50014 or FUBE50015 relative to its controlled Secvest wireless alarm system FUAA50000 3.01.01, so that sent commands by the remote control are n...
ABUS Secvest FUBE50014 and ABUS Secvest FUBE50015 Denial of Service Vulnerabilities
ABUS Secvest FUBE50014 and ABUS Secvest FUBE50015 are both wireless remote controls from ABUS Germany. A security vulnerability exists in the ABUS Secvest FUBE50014 and ABUS Secvest FUBE50015 due to unencrypted signal communication and the use of easily guessable scrolling codes. An attacker coul...