10781 matches found
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
...
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
...
Microsoft Win32k Security Vulnerability
Microsoft Win32k is a system file for Windows multi-user management from Microsoft USA. A security vulnerability exists in Microsoft Win32k. An attacker could exploit the vulnerability to elevate privileges. The following products and versions are affected: Windows 11 version 21H2 for x64-based...
Microsoft Win32k Security Vulnerability
Microsoft Win32k is a system file for Windows multi-user management from Microsoft USA. A security vulnerability exists in Microsoft Win32k. An attacker can exploit the vulnerability to elevate privileges. The following products and versions are affected: Windows Server 2022, Windows Server 2022...
NewStart CGSL MAIN 6.02 : samba Multiple Vulnerabilities (NS-SA-2024-0054)
The remote NewStart CGSL host, running version MAIN 6.02, has samba packages installed that are affected by multiple vulnerabilities: - Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted...
FreeBSD : FreeBSD -- Multiple issues in ctl(4) CAM Target Layer (9bd5e47b-6b50-11ef-9a62-002590c1f29c)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 9bd5e47b-6b50-11ef-9a62-002590c1f29c advisory. Several vulnerabilities were found in the ctl subsystem. The function ctl_write_buffer incorrect...
CVE-2024-45157
An issue was discovered in Mbed TLS before 2.28.9 and 3.x before 3.6.1, in which the user-selected algorithm is not used. Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does not cause the PSA subsystem to use HMAC_DRBG: it uses HMAC_DRBG only when MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and...
CVE-2023-51712
An issue was discovered in Trusted Firmware-M through 2.0.0. The lack of argument verification in the logging subsystem allows attackers to read sensitive data via the login function...
CVE-2023-51712
An issue was discovered in Trusted Firmware-M through 2.0.0. The lack of argument verification in the logging subsystem allows attackers to read sensitive data via the login function...
SUSE CVE-2024-44953
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix deadlock during RTC update There is a deadlock when runtime suspend waits for the flush of RTC work, and the RTC work calls ufshcd_rpm_get_sync to wait for runtime resume. Here is deadlock backtrace: kworker/0:1...
CVE-2023-51712
An issue was discovered in Trusted Firmware-M through 2.0.0. The lack of argument verification in the logging subsystem allows attackers to read sensitive data via the login function...
CVE-2023-51712
Trusted Firmware-M (through version 2.0.0) is affected by CVE-2023-51712 due to an argument verification flaw in the logging subsystem, which can allow an attacker to read sensitive data via the login function. The issue is described consistently across Red Hat, NVD, OSV, CNNVD, CVE listings, and...
CVE-2024-45157
CVE-2024-45157 affects Mbed TLS releases prior to 2.28.9 and 3.x prior to 3.6.1, where the user-selected algorithm is not honored. Specifically, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does not switch PSA to HMAC_DRBG; HMAC_DRBG is used only when MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_CTR_DRB...
CVE-2023-51712
An issue was discovered in Trusted Firmware-M through 2.0.0. The lack of argument verification in the logging subsystem allows attackers to read sensitive data via the login function...
CVE-2024-45157
An issue was discovered in Mbed TLS before 2.28.9 and 3.x before 3.6.1, in which the user-selected algorithm is not used. Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does not cause the PSA subsystem to use HMAC_DRBG: it uses HMAC_DRBG only when MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and...
CVE-2024-45157
An issue was discovered in Mbed TLS before 2.28.9 and 3.x before 3.6.1, in which the user-selected algorithm is not used. Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does not cause the PSA subsystem to use HMAC_DRBG: it uses HMAC_DRBG only when MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and...
DEBIAN-CVE-2024-44988
In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: Fix out-of-bound access If an ATU violation was caused by a CPU Load operation, the SPID could be larger than DSA_MAX_PORTS, the size of the mv88e6xxx_chip.ports array...
UBUNTU-CVE-2024-44998
In the Linux kernel, the following vulnerability has been resolved: atm: idt77252: prevent use after free in dequeue_rx We can't dereference "skb" after calling vcc->push because the skb is released...
DEBIAN-CVE-2024-44971
In the Linux kernel, the following vulnerability has been resolved: net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register bcm_sf2_mdio_register calls of_phy_find_device and then phy_device_remove in a loop to remove existing PHY devices. of_phy_find_device eventually calls bus_find_device, which...
Linux kernel Security Vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel, which stems from a potential memory over-allocation problem in the input subsystem Input: MT...