774 matches found
PT-2022-34653 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.145
Description: A potential security issue exists due to a missing lock in the cgroup_attach_task_all() function. The actual impact and attack plausibility have not yet been proven.
Recommendations: For Lin...
PT-2022-34585 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions v5.19.9 through v5.19.11
Description: A potential security issue exists due to a missing cpus_read_lock() call in the cgroup_attach_task_all() function. The actual impact and attack plausibility have not yet been proven...
CVE-2022-22093
Memory corruption or temporary denial of service due to improper handling of concurrent hypervisor operations to attach or detach IRQs from virtual interrupt sources in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile...
Nuclide Improper Input Validation
The hhvm-attach deep link handler in Nuclide did not properly sanitize the provided hostname parameter when rendering. As a result, a malicious URL could be used to render HTML and other content inside of the editor's context, which could potentially be chained to lead to code execution. This iss...
GHSA-R83X-WJ75-V89R Nuclide Improper Input Validation
The hhvm-attach deep link handler in Nuclide did not properly sanitize the provided hostname parameter when rendering. As a result, a malicious URL could be used to render HTML and other content inside of the editor's context, which could potentially be chained to lead to code execution. This iss...
CVE-2022-24854
Metabase is an open source business intelligence and analytics application. SQLite has an FDW-like feature called ATTACH DATABASE, which allows connecting multiple SQLite databases via the initial connection. If the attacker has SQL permissions to at least one SQLite database, then it can attach...
CVE-2022-24854 Database bypassing any permissions in Metabase via SQLite attach
Metabase is an open source business intelligence and analytics application. SQLite has an FDW-like feature called ATTACH DATABASE, which allows connecting multiple SQLite databases via the initial connection. If the attacker has SQL permissions to at least one SQLite database, then it can attach...
Metabase security vulnerability
Metabase is an open source data analytics platform from Metabase, Inc. in the United States. Metabase suffers from a security vulnerability that stems from the fact that SQLite has an FDW-like feature called ATTACH DATABASE that allows multiple SQLite databases to be connected via an initial join...
GSD-2022-1000490 drm/vc4: Fix deadlock on DSI device attach error
drm/vc4: Fix deadlock on DSI device attach error This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.10 by commit...
GSD-2022-1000415 drm/vc4: Fix deadlock on DSI device attach error
drm/vc4: Fix deadlock on DSI device attach error This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.24 by commit...
virglrenderer security vulnerability
virglrenderer is a VirGL virtual OpenGL renderer. A security vulnerability exists in virglrenderer, which allows an attacker on a guest system to read memory fragments of virgl via VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING to obtain sensitive information on the host system...
WordPress Download Manager Plugin Cross-Site Scripting (CVE-2021-24773)
A stored cross-site scripting vulnerability exists in Download Manager Plugin for WordPress. The vulnerability is due to insufficient sanitization of user-supplied data in the Attach File section...
GHSA-R562-M862-63W3 APM Java Agent Local Privilege Escalation
A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious file to an application running with the APM Java agent. Using this vector, a malicious or compromised user account could use the agent to run commands at a higher level of...
APM Java Agent Local Privilege Escalation
A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious file to an application running with the APM Java agent. Using this vector, a malicious or compromised user account could use the agent to run commands at a higher level of...
CVE-2021-37941
A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious file to an application running with the APM Java agent. Using this vector, a malicious or compromised user account could use the agent to run commands at a higher level of...
Privilege escalation
A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious file to an application running with the APM Java agent. Using this vector, a malicious or compromised user account could use the agent to run commands at a higher level of...
GHSA-M2V2-8227-59F5 Exposure of sensitive information in concrete5/core
In Concrete CMS (formerly concrete 5) below 8.5.7, an IDOR allows an unauthenticated user to access restricted files if allowed to add a message to a conversation. To remediate this, a check was added to verify a user has permissions to view files before attaching the files to a message in "add / edit...
CVE-2021-39420
Multiple Cross Site Scripting (XSS) vulnerabilities exist in VFront 0.99.5 via the (1) s parameter in searchall.php and the (2) msg parameter in add.attach.php...