Buffer overflow

Amazon WorkSpaces agent is affected by Buffer Overflow. IOCTL Handler 0x22001B in the Amazon WorkSpaces agent below v1.0.1.1537 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service memory corruption and OS crash via specially crafted I/O Request Packet...

CVE-2021-43638

The CVE-2021-43638 entry affects the Amazon WorkSpaces agent. The issue is an Integer Overflow in the IOCTL Handler 0x22001B in the Amazon WorkSpaces agent below v1.0.1.1537, allowing local attackers to execute arbitrary kernel‑mode code or cause a denial of service (memory corruption and OS cras...

CVE-2021-43638

Amazon Amazon WorkSpaces agent is affected by Integer Overflow. IOCTL Handler 0x22001B in the Amazon WorkSpaces agent below v1.0.1.1537 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service memory corruption and OS crash via specially crafted I/O Request Pack...

CVE-2021-43637

The CVE-2021-43637 entry concerns Amazon WorkSpaces agent, with a Buffer Overflow in IOCTL Handler 0x22001B for versions below 1.0.1.1537. The vulnerability allows local attackers to run arbitrary code in kernel mode or cause memory corruption and an OS crash via specially crafted I/O Request Pac...

CVE-2021-43637

Amazon WorkSpaces agent is affected by Buffer Overflow. IOCTL Handler 0x22001B in the Amazon WorkSpaces agent below v1.0.1.1537 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service memory corruption and OS crash via specially crafted I/O Request Packet...

Amazon WorkSpaces 安全漏洞

Amazon WorkSpaces is a fully managed persistent desktop virtualization service from Amazon that lets your users access the data, applications, and resources they need from any supported device, anywhere, anytime. Amazon WorkSpaces is vulnerable to a buffer overflow vulnerability that could be...

Amazon WorkSpaces 输入验证错误漏洞

Amazon Workspaces is a fully managed persistent desktop virtualization service from Amazon that lets your users access the data, applications, and resources they need from any supported device, anytime, anywhere. Amazon Workspaces is vulnerable to an integer overflow vulnerability that could be...

PT-2021-14726 · Jenkins · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.314 and earlier Jenkins LTS versions 2.303.1 and earlier Description: The file browser in Jenkins may interpret some paths to files as absolute on Windows, resulting in a path traversal issue. This allows attackers with...

Amazon WorkSpaces Parameter Injection Vulnerability

Amazon WorkSpaces, a fully managed persistent desktop virtualization service from Amazon, lets your users access the data, applications, and resources they need from any supported device, anytime, anywhere. In Amazon AWS WorkSpaces clients prior to version 3.1.9 on Windows, parameter injection in...

CVE-2021-38112

In the Amazon AWS WorkSpaces client 3.0.10 through 3.1.8 on Windows, argument injection in the workspaces:// URI handler can lead to remote code execution because of the Chromium Embedded Framework CEF --gpu-launcher argument. This is fixed in 3.1.9...

CVE-2021-38112

In the Amazon AWS WorkSpaces client 3.0.10 through 3.1.8 on Windows, argument injection in the workspaces:// URI handler can lead to remote code execution because of the Chromium Embedded Framework CEF --gpu-launcher argument. This is fixed in 3.1.9...

Design/Logic Flaw

In the Amazon AWS WorkSpaces client 3.0.10 through 3.1.8 on Windows, argument injection in the workspaces:// URI handler can lead to remote code execution because of the Chromium Embedded Framework CEF --gpu-launcher argument. This is fixed in 3.1.9...

CVE-2021-38112

CVE-2021-38112 affects the Amazon AWS WorkSpaces Windows client versions 3.0.10 through 3.1.8. The vulnerability is caused by argument injection in the workspaces:// URI handler via the Chromium Embedded Framework (CEF) --gpu-launcher argument, which can lead to remote code execution. The issue i...

CVE-2021-38112

In the Amazon AWS WorkSpaces client 3.0.10 through 3.1.8 on Windows, argument injection in the workspaces:// URI handler can lead to remote code execution because of the Chromium Embedded Framework CEF --gpu-launcher argument. This is fixed in 3.1.9...

Amazon WorkSpaces 参数注入漏洞

Amazon WorkSpaces, a fully managed persistent desktop virtualization service from Amazon, lets your users access the data, applications, and resources they need from any supported device, anytime, anywhere. In Amazon AWS WorkSpaces clients prior to version 3.1.9 on Windows, parameter injection in...

CVE-2021-38112: AWS WorkSpaces Remote Code Execution

The post CVE-2021-38112: AWS WorkSpaces Remote Code Execution appeared first on Rhino Security Labs...

cmake bug fix and enhancement update

CMake is an open source, cross-platform build system that is used to control the software compilation process using simple platform- and compiler-independent configuration files. CMake generates native makefiles and workspaces that can be used in the compiler environment of your choice. Bug Fixes...

CVE-2020-13667

Access bypass vulnerability in of Drupal Core Workspaces allows an attacker to access data without correct permissions. The Workspaces module doesn't sufficiently check access permissions when switching workspaces, leading to an access bypass vulnerability. An attacker might be able to see conten...

CVE-2020-13667

Access bypass vulnerability in of Drupal Core Workspaces allows an attacker to access data without correct permissions. The Workspaces module doesn't sufficiently check access permissions when switching workspaces, leading to an access bypass vulnerability. An attacker might be able to see conten...

Security feature bypass

Access bypass vulnerability in of Drupal Core Workspaces allows an attacker to access data without correct permissions. The Workspaces module doesn't sufficiently check access permissions when switching workspaces, leading to an access bypass vulnerability. An attacker might be able to see conten...