39 matches found
Linux kernel security vulnerability
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the incorrect setting of a special inode in hfsplus as of the S_IFREG type, potentially leading to...
Pepr Has Overly Permissive RBAC ClusterRole in Admin Mode
Severity: LOW Target: /workspace/pepr/src/lib/assets/rbac.ts Endpoint: Kubernetes RBAC configuration Method: Deployment Response / Rationale Pepr defaults to rbacMode: "admin" because the initial experience is designed to be frictionless for new users. This mode ensures that users can deploy and...
EUVD-2025-201643
In the Linux kernel, the following vulnerability has been resolved: media: videobuf2: forbid remove_bufs when legacy fileio is active. The vb2_ioctl_remove_bufs call manipulates queue internal buffer list, potentially overwriting some pointers used by the legacy fileio access mode. Forbid that ioctl when...
EUVD-2019-5864
Malware in sbrugna...
CVE-2019-14716
Verifone VerixV Pinpad Payment Terminals with QT000530 have an undocumented physical access mode aka VerixV shell.out...
CVE-2019-13945
A vulnerability has been identified in SIMATIC S7-1200 CPU family incl. SIPLUS variants All versions, SIMATIC S7-1200 CPU family V4.x incl. SIPLUS variants All versions, SIMATIC S7-1200 CPU family V4.x incl. SIPLUS variants All versions with Function State FS 11, SIMATIC S7-200 SMART CPU CR20s 6E...
UBUNTU-CVE-2024-49937
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: Set correct chandef when starting CAC. When starting CAC in a mode other than AP mode, it returns a "WARNING: CPU: 0 PID: 63 at cfg80211_chandef_dfs_usable+0x20/0xaf cfg80211" caused by the chandef.chan being null at t...
CVE-2023-44122 LockScreenSettings - Theft arbitrary files with system privilege
The vulnerability allows theft of arbitrary files with system privilege in the LockScreenSettings ("com.lge.lockscreensettings") app, in the "com/lge/lockscreensettings/dynamicwallpaper/MyCategoryGuideActivity.java" file. The main problem is that the app launches implicit intents that can be...
PT-2023-2213 · Cisco · Cisco Duo
Name of the Vulnerable Software and Affected Versions: Cisco Duo (affected versions not specified). Description: The issue is related to a vulnerability in the offline access mode of Cisco Duo Two-Factor Authentication, which could allow an unauthenticated, physical attacker to replay valid...
hostapd cryptographic issue vulnerability
hostapd is a user space daemon for access points and authentication servers. A cryptographic issue vulnerability exists in hostapd that stems from a cached access mode error in the hostapd and wpa_supplicant components of the product. An attacker could launch a side-channel attack via this...
Apache Ozone input validation error vulnerability
Apache Ozone is an application: a scalable, redundant and distributed object store for Hadoop and cloud-native environments. An input validation error vulnerability exists in Apache Ozone, which stems from the product's Ozone Datanode not checking the block token's access mode parameter. An...
GHSA-C6J7-4FR9-C76P Incorrect permissions in Apache Ozone
In Apache Ozone before 1.2.0, Ozone Datanode doesn't check the access mode parameter of the block token. Authenticated users with valid READ block token can do any write operation on the same block...
Privilege Escalation
hadoop-ozone-ozone-manager is vulnerable to privilege escalation. The library does not check the access mode parameter of the block token, allowing an attacker with a read block token to do write operations...
CVE-2021-39235
In Apache Ozone before 1.2.0, Ozone Datanode doesn't check the access mode parameter of the block token. Authenticated users with valid READ block token can do any write operation on the same block...
Code injection
In Apache Ozone before 1.2.0, Ozone Datanode doesn't check the access mode parameter of the block token. Authenticated users with valid READ block token can do any write operation on the same block...
CVE-2021-39235 Access mode of block tokens are not enforced
In Apache Ozone before 1.2.0, Ozone Datanode doesn't check the access mode parameter of the block token. Authenticated users with valid READ block token can do any write operation on the same block...
Apache Ozone input validation error vulnerability
Apache Ozone is an application: a scalable, redundant and distributed object store for Hadoop and cloud-native environments. An input validation error vulnerability exists in Apache Ozone, which stems from the product's Ozone Datanode not checking the block token's access mode parameter. An...
PT-2021-22485 · Apache · Apache Ozone
Name of the Vulnerable Software and Affected Versions: Apache Ozone versions prior to 1.2.0. Description: The issue arises because the Ozone Datanode in Apache Ozone does not check the access mode parameter of the block token. As a result, authenticated users who have a valid READ block token can...
Huawei Data Communication: Configuring the SSH Access Mode
The user access mode. If the non-SSH mode is configured, the user access mode is not secure.