
102 matches found

OSV
added 2023/01/17 6:31 p.m., 7 views

GSD-2023-1001028 ACPICA: Fix error code path in acpi_ds_call_control_method()

ACPICA: Fix error code path in acpi_ds_call_control_method() This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.86 by commit...

7.4 AI score
Exploits: 0
OSV
added 2023/01/17 5:50 p.m., 7 views

GSD-2023-1000603 ACPICA: Fix error code path in acpi_ds_call_control_method()

ACPICA: Fix error code path in acpi_ds_call_control_method() This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.16 by commit...

7.4 AI score
Exploits: 0
Tenable Nessus
added 2022/06/06 12:0 a.m., 33 views

SUSE SLES15 Security Update : kernel (Live Patch 16 for SLE 15 SP3) (SUSE-SU-2022:1948-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1948-1 advisory. - A use-after-free flaw was found in the Linux kernel's sound subsystem in the way a user triggers concurrent calls of PCM hw_params...

7.8 CVSS, 6.8 AI score, 0.00025 EPSS
Exploits: 1, References: 7
CNNVD
added 2022/03/10 12:0 a.m., 1 views

TP-Link WR886N Security Vulnerability

The TP-Link TL-WR886N is a wireless router from China P&L. A stack overflow vulnerability exists in the TP-Link TL-WR886N /cloudconfig/routerpost/checkregverifycode, which can be exploited by a remote attacker to submit a special request that can crash the application or can be used to execute...

10 CVSS, 6.3 AI score, 0.00982 EPSS
Exploits: 1, References: 2
Cvelist
added 2021/08/13 4:48 p.m., 10 views

CVE-2021-34823

The ON24 ScreenShare aka DesktopScreenShare.app plugin before 2.0 for macOS allows remote file access via its built-in HTTP server. This allows unauthenticated remote users to retrieve files accessible to the logged-on macOS user. When a remote user sends a crafted HTTP request to the server, it...

9.1 AI score, 0.01898 EPSS
Exploits: 0, References: 2
OSV
added 2021/06/30 12:34 a.m., 7 views

GSD-2021-1001026 bcache: avoid oversized read request in cache missing code path

bcache: avoid oversized read request in cache missing code path This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.11 by commit...

7.3 AI score
Exploits: 0
UbuntuCve
added 2020/12/04 7:15 a.m., 32 views

CVE-2020-29562

The iconv function in the GNU C Library aka glibc or libc6 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service...

4.8 CVSS, 6.8 AI score, 0.00052 EPSS
Exploits: 1, References: 3
Tenable Nessus
added 2020/10/29 12:0 a.m., 34 views

F5 Networks BIG-IP : BIG-IP MQTT iRule vulnerability (K62830532)

When your system handles MQTT traffic through a BIG-IP virtual server associated with an MQTT profile, and an iRule performs manipulations on that traffic, TMM may produce a core file. CVE-2020-5935 Impact The Traffic Management Microkernel TMM may generate a core file and restart, causing a high...

5.9 CVSS, 5.9 AI score, 0.00647 EPSS
Exploits: 0, References: 2
CNVD
added 2020/09/16 12:0 a.m., 1 views

ElkarBackup Path Traversal Vulnerability

ElkarBackup is a free open source backup solution based on RSync/RSnapshot. ElkarBackup 1.3.3 suffers from a sensitive source code path disclosure vulnerability. An attacker can exploit this vulnerability to view the path to the jobs/sort source code, which can be used to identify the code...

7.5 CVSS, 6.9 AI score, 0.00317 EPSS
Exploits: 1, References: 1
OSV
added 2020/09/15 1:15 p.m., 0 views

CVE-2020-24925

A Sensitive Source Code Path Disclosure vulnerability is found in ElkarBackup v1.3.3. An attacker is able to view the path of the source code jobs/sort where entire source code path is displayed in the browser itself helping the attacker identify the code structure...

7.5 CVSS, 5.8 AI score, 0.00317 EPSS
Exploits: 1, References: 2
NVD
added 2020/09/15 1:15 p.m., 9 views

CVE-2020-24925

A Sensitive Source Code Path Disclosure vulnerability is found in ElkarBackup v1.3.3. An attacker is able to view the path of the source code jobs/sort where entire source code path is displayed in the browser itself helping the attacker identify the code structure...

7.5 CVSS, 0.00317 EPSS
Exploits: 1, References: 2
CVE
added 2020/09/15 12:52 p.m., 41 views

CVE-2020-24925

Summary: CVE-2020-24925 affects ElkarBackup v1.3.3 and exposes a sensitive source code path disclosure. What is affected: ElkarBackup, component path disclosure in the web UI, specifically the jobs/sort path, which reveals the full source code path: /app/elkarbackup/src/Binovo/ElkarBackupBundle/C...

7.5 CVSS, 7.5 AI score, 0.00317 EPSS
Exploits: 1, References: 2, Affected Software: 1
Imperva Blog
added 2020/09/03 11:5 a.m., 12 views

From Layers to Microunits

The evolution of “Code Cohesion” and “Separation of Concerns” The software industry has recognized the values of “Separation of Concerns” and “Code Cohesion” for more than two decades. Many articles, books and software-thinkers have contributed methodologies to implement these important values. I...

7.3 AI score
Exploits: 0
ATTACKERKB
added 2020/02/11 12:0 a.m., 29 views

CVE-2020-0662

A remote code execution vulnerability exists in the way that Windows handles objects in memory, aka ‘Windows Remote Code Execution Vulnerability’. Recent assessments: zeroSteiner at March 17, 2020 8:31pm UTC reported: Analysis performed using ipnathlp.dll from Windows Server 2019 x64 sha256:...

9 CVSS, 8.8 AI score, 0.34121 EPSS
Exploits: 0, References: 2
RedhatCVE
added 2019/11/21 12:37 p.m., 23 views

CVE-2014-3180

In kernel/compat.c in the Linux kernel before 3.17, as used in Google Chrome OS and other products, there is a possible out-of-bounds read. restart_syscall uses uninitialized data when restarting compat_sys_nanosleep. NOTE: this is disputed because the code path is unreachable...

9.1 CVSS, 8.6 AI score, 0.00175 EPSS
Exploits: 0, References: 3
myhack58
added 2019/09/23 12:0 a.m., 454 views

The WebLogic vulnerability and patch analysis-vulnerability warning-the black bar safety net

Earlier this year, researchers found and published a deserialization vulnerability in Oracle WebLogic. The vulnerability is serious enough that Oracle broke its normal quarterly patch release practice and issued an emergency update. Unfortunately, the researchers soon realized that an...

5.5 CVSS, 0.7 AI score, 0.87254 EPSS
Exploits: 2
Prion
added 2018/06/26 6:29 p.m., 21 views

Memory corruption

There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which allows remote attackers to cause a denial of service crash by sending a crafted command which will result in a code path that calls the UND undefined ARM instruction...

5 CVSS, 7.6 AI score, 0.0119 EPSS
Exploits: 1, References: 3, Affected Software: 390
NVD
added 2018/06/26 6:29 p.m., 22 views

CVE-2018-10659

There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which allows remote attackers to cause a denial of service crash by sending a crafted command which will result in a code path that calls the UND undefined ARM instruction...

7.5 CVSS, 7.5 AI score, 0.0119 EPSS
Exploits: 1, References: 3
Cvelist
added 2018/06/26 6:0 p.m., 29 views

CVE-2018-10659

There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which allows remote attackers to cause a denial of service crash by sending a crafted command which will result in a code path that calls the UND undefined ARM instruction...

7.9 AI score, 0.0119 EPSS
Exploits: 1, References: 3
OSV
added 2017/12/14 4:29 p.m., 3 views

DEBIAN-CVE-2017-17515

etc/ObjectList in Metview 4.7.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a third party has indicated that the code to access this...

8.8 CVSS, 7.2 AI score, 0.0053 EPSS
Exploits: 0, References: 1