kernel: Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync
A flaw was found in the Linux kernel’s Bluetooth subsystem HCI. Specifically, in the function hci_acl_create_conn_sync and related path hci_le_create_conn_sync, a connection object in state BT_OPEN that is still pending command submission may be freed prematurely, leading to a use-after-free condition. An...
SUSE CVE-2022-49918
In the Linux kernel, the following vulnerability has been resolved: ipvs: fix WARNING in __ip_vs_cleanup_batch(). During the initialization of ip_vs_conn_net_init(), if file ip_vs_conn or ip_vs_conn_sync fails to be created, the initialization is successful by default. Therefore, the ip_vs_conn or ip_vs_conn_sync file...
Vulnerabilities fixed in Microsoft SQL Server
Microsoft has fixed vulnerabilities in SQL Server. The vulnerabilities are located in the various ODBC and OLE DB drivers and allow a malicious party to execute arbitrary code with application privileges, potentially gaining access to sensitive data. Successful abuse requires the...
Postgraas SQL injection vulnerability
Postgraas is a super-simple PostgreSQL-as-a-service from Blue Yonder GmbH, China. A SQL injection vulnerability exists in Blue Yonder postgraas_server 2.0.0b2 and earlier versions, which originates from the function in the file...
The vulnerability of the connected module “Kaspersky Security System” of the Eltex network interface “ESR-200” allows an intruder to cause a service failure.
The vulnerability of the connected module “Kaspersky Security System” of the Ethernet switch software “Eltex ESR-200” is related to the improper creation of connections. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
An issue was discovered in the Linux kernel before 5.15.11. There is a memory leak in the __rds_conn_create() function in net/rds/connection.c in a certain combination of circumstances.
...
GHSA-CVCQ-GMC3-Q6M8 Apache Airflow logs passwords in plaintext
In Airflow versions prior to 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatabase. The same happens when creating a Connection with a password field...
PYSEC-2020-262
In Airflow versions prior to 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatabase. The same happened when creating a Connection with a password field...
Apache Airflow cryptographic issue vulnerability
Apache Airflow is an open source platform from the Apache Foundation (United States) for creating, managing and monitoring workflows. The platform is scalable and offers dynamic monitoring, among other characteristics. A security vulnerability exists in Apache Airflow versions prior to 1.10.13, which...