149 matches found
CLSA-2024-1714073581 Fix of 16 CVEs
Jammy update: v5.15.81 upstream stable release LP: 2003130 // CVE-url: https://ubuntu.com/security/CVE-2023-1382 - tipc: set con sock in tipcconnalloc - tipc: add an extra connget in tipcconnalloc CVE-url: https://ubuntu.com/security/CVE-2023-1998 - x86/speculation: Allow enabling STIBP with lega...
PT-2024-21962 · Alldata · Alldata
Name of the Vulnerable Software and Affected Versions: Alldata version 0.4.6 Description: The issue is related to Incorrect Access Control, resulting in the leakage of many modules' interface documents. For example, the "/api/system/v2/api-docs" module is affected. Recommendations: For Alldata...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a security issue with smpprocessorid in the scsi target core...
kernel: memcg does not limit the number of POSIX file locks allowing memory exhaustion
A flaw was found in the filelockinit in fs/locks.c function in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interface POSIX file locks...
Vulnerability of the system interface of the Android operating system, allowing a hacker to increase their privileges
The vulnerability of the Android operating system’s system interface is related to improper access control. Exploiting this vulnerability can allow a perpetrator to increase their privileges...
Wasmtime Security Breach
Wasmtime is a bytecode consortium project that is a standalone wasm-optimized runtime for WebAssembly and WASI only. A security vulnerability exists in Wasmtime. No information about this vulnerability is available at this time, so please stay tuned to CNNVD or the vendor announcement...
Google Chrome 安全漏洞
Google Chrome is a web browser from Google, Inc. A security vulnerability previously existed in Google Chrome version 112.0.5615.49, which stemmed from insufficient policy enforcement in the File System API...
SUSE CVE-2019-11811
An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmisi module is removed, related to drivers/char/ipmi/ipmisiintf.c, drivers/char/ipmi/ipmisimemio.c, and drivers/char/ipmi/ipmisiportio.c...
SUSE CVE-2021-21129
Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page...
CVE-2022-3443
Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass File System restrictions via a crafted HTML page. Chromium security severity: Low...
Google Chrome 安全漏洞
Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome prior to version 106.0.5249.62, which stems from insufficient data validation in the file system API, and can be exploited by remote attackers to bypass file system restrictions via a crafted HTML pa...
Hands-On IoT Hacking: Rapid7 at DEF CON 30 IoT Village, Pt. 2
Welcome back to our blog series on Rapid7's IoT Village exercise from DEF CON 30. Last week, we covered the basics of the exercise and achieving access to flash memory. In this post, we'll cover how to extract partition data. Extracting partition data The next step in our hands-on IoT hacking...
CVE-2022-0480
A flaw was found in the filelockinit in fs/locks.c function in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interface POSIX file locks...
Google Chrome 安全漏洞
Google Chrome is a web browser from Google Inc. in the United States. A security vulnerability exists in Google Chrome that stems from insufficient policy enforcement in the file system API...
Google Chrome 权限许可和访问控制问题漏洞
Google Chrome is a web browser from Google, Inc. A privilege permission and access control issue vulnerability exists in Google Chrome versions 70.0.3538.67 through 101.0.4951.67, which stems from insufficient policy enforcement in the file system API. A remote attacker could exploit the...
CVE-2021-3969
A Time of Check Time of Use TOCTOU vulnerability was reported in IMController, a software component of Lenovo System Interface Foundation, prior to version 1.1.20.3that could allow a local attacker to elevate privileges...
CVE-2021-3969
A Time of Check Time of Use TOCTOU vulnerability was reported in IMController, a software component of Lenovo System Interface Foundation, prior to version 1.1.20.3that could allow a local attacker to elevate privileges...
CVE-2021-3922
A race condition vulnerability was reported in IMController, a software component of Lenovo System Interface Foundation, prior to version 1.1.20.3 that could allow a local attacker to connect and interact with the IMController child process' named pipe...
Code injection
A Time of Check Time of Use TOCTOU vulnerability was reported in IMController, a software component of Lenovo System Interface Foundation, prior to version 1.1.20.3that could allow a local attacker to elevate privileges...
Race condition
A race condition vulnerability was reported in IMController, a software component of Lenovo System Interface Foundation, prior to version 1.1.20.3 that could allow a local attacker to connect and interact with the IMController child process' named pipe...