54 matches found
SUSE CVE-2022-50366
In the Linux kernel, the following vulnerability has been resolved: powercap: intelrapl: fix UBSAN shift-out-of-bounds issue When value timeunit, the parameter of ilog2 will be zero and the return value is -1. u64-1 is too large for shift exponent and then will trigger shift-out-of-bounds: shift...
UBUNTU-CVE-2022-50366
In the Linux kernel, the following vulnerability has been resolved: powercap: intelrapl: fix UBSAN shift-out-of-bounds issue When value timeunit, the parameter of ilog2 will be zero and the return value is -1. u64-1 is too large for shift exponent and then will trigger shift-out-of-bounds: shift...
CVE-2022-50366 powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue
In the Linux kernel, the following vulnerability has been resolved: powercap: intelrapl: fix UBSAN shift-out-of-bounds issue When value timeunit, the parameter of ilog2 will be zero and the return value is -1. u64-1 is too large for shift exponent and then will trigger shift-out-of-bounds: shift...
PT-2025-38176
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a flaw within the powercap and intel rapl components. A shift-out-of-bounds issue occurs when a value is less than the time unit, leading to an excessively...
Linux Distros Unpatched Vulnerability : CVE-2022-42320
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid. When a domain is gone, there might be Xensto...
PT-2024-22620 · Levelone · Levelone Wbr-6012
Name of the Vulnerable Software and Affected Versions: LevelOne WBR-6012 affected versions not specified Description: A security issue exists due to hard-coded credentials in the web services of the affected device. This allows attackers to gain unauthorized access within the first 30 seconds aft...
PT-2024-23796 · Levelone · Levelone Wbr-6012
Name of the Vulnerable Software and Affected Versions: LevelOne WBR-6012 affected versions not specified Description: A security issue exists due to hard-coded credentials in the web services of the affected device. This allows attackers to gain unauthorized access within the first 30 seconds aft...
GHSA-48GG-32Q2-4R6M Hyperledger Fabric does not verify request has a timestamp within the expected time window
Hyperledger Fabric through 2.5.9 does not verify that a request has a timestamp within the expected time window...
Hyperledger Fabric 安全漏洞
Hyperledger Fabric is an enterprise-licensed distributed ledger framework open-sourced by Hyperledger. It is used to develop solutions and applications. A security vulnerability exists in Hyperledger Fabric version 2.5.9 that stems from an inability to verify that a request is timestamped within...
CVE-2023-29483
eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in whic...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel has a security vulnerability that stems from the existence of an available time window...
Design/Logic Flaw
A vulnerability in the endpoint software of Cisco Secure Endpoint for Windows could allow an authenticated, local attacker to evade endpoint protection within a limited time window. This vulnerability is due to a timing issue that occurs between various software components. An attacker could...
CVE-2023-20084
A vulnerability in the endpoint software of Cisco Secure Endpoint for Windows could allow an authenticated, local attacker to evade endpoint protection within a limited time window. This vulnerability is due to a timing issue that occurs between various software components. An attacker could...
Fedora 38 : tang (2023-3e84bba241)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-3e84bba241 advisory. Fixes CVE-2023-1672 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not teste...
PT-2023-10639 · Rapid7 · Nexpose +1
Name of the Vulnerable Software and Affected Versions: Nexpose virtual appliances versions downloaded between April 5th, 2017 and May 3rd, 2017 InsightVM virtual appliances versions downloaded between April 5th, 2017 and May 3rd, 2017 Description: The issue concerns Nexpose and InsightVM virtual...
IBM OPENBMC OP910 安全漏洞
IBM OPENBMC OP910 is a POWER8 and POWER9 emulator from International Business Machines IBM. A security vulnerability exists in IBM OPENBMC OP910 and OP940 that originates from allowing a privileged user to cause a denial of service by uploading or deleting too many CA certificates in a short peri...
CVE-2022-37024
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 2022-07-29 through 2022-07-30 125658, 126003, 126105, and 126120 allow authenticated users to make database changes that lead to remote code execution...
Multi-Factor Authentication issue in Laravel Fortify
Laravel Fortify before 1.11.1 allows reuse within a short time window, thus calling into question the "OT" part of the "TOTP" concept...
CVE-2022-25838
Laravel Fortify before 1.11.1 allows reuse within a short time window, thus calling into question the "OT" part of the "TOTP" concept...
Hardcoded credentials
NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller, which may allow a user with elevated privileges to instantiate a DMA write operation only within a specific time window timed to corrupt code execution, which may impact confidentiality, integrity, or...