CVE-2021-46957

In the Linux kernel, the following vulnerability has been resolved: riscv/kprobe: fix kernel panic when invoking sysread traced by kprobe The execution of sysread end up hitting a BUGON in findgetblock after installing kprobe at sysread, the BUG message like the following: 65.708663 ------------...

CVE-2021-46910

CVE-2021-46910 relates to the Linux kernel’s kmap_local(): when CONFIG_DEBUG_KMAP_LOCAL=y, per-CPU fixmap slots are doubled, causing the fixmap region to grow downwards and potentially collide with the virtual DT mapping. The documented impact is a local exploit path leading to kernel instability...

CVE-2021-46910 ARM: 9063/1: mm: reduce maximum number of CPUs if DEBUG_KMAP_LOCAL is enabled

In the Linux kernel, the following vulnerability has been resolved: ARM: 9063/1: mm: reduce maximum number of CPUs if DEBUGKMAPLOCAL is enabled The debugging code for kmaplocal doubles the number of per-CPU fixmap slots allocated for kmaplocal, in order to use half of them as guard regions. This...

CVE-2021-46910

In the Linux kernel, the following vulnerability has been resolved: ARM: 9063/1: mm: reduce maximum number of CPUs if DEBUGKMAPLOCAL is enabled The debugging code for kmaplocal doubles the number of per-CPU fixmap slots allocated for kmaplocal, in order to use half of them as guard regions. This...

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the debugging code of kmaplocal doubling the number of per-CPU repair mapping slots allocated to kmaplocal s...

CVE-2024-27350

Amazon Fire OS 7 before 7.6.6.9 and 8 before 8.1.0.3 allows Fire TV applications to establish local ADB Android Debug Bridge connections. NOTE: some third parties dispute whether this has security relevance, because an ADB connection is only possible after the non-default ADB Debugging option is...

CVE-2024-27350

Amazon Fire OS 7 before 7.6.6.9 and 8 before 8.1.0.3 allows Fire TV applications to establish local ADB Android Debug Bridge connections. NOTE: some third parties dispute whether this has security relevance, because an ADB connection is only possible after the non-default ADB Debugging option is...

Design/Logic Flaw

Amazon Fire OS 7 before 7.6.6.9 and 8 before 8.1.0.3 allows Fire TV applications to establish local ADB Android Debug Bridge connections. NOTE: some third parties dispute whether this has security relevance, because an ADB connection is only possible after the non-default ADB Debugging option is...

PT-2024-21841 · Amazon · Amazon Fire Os

Name of the Vulnerable Software and Affected Versions: Amazon Fire OS versions 7.0.0 through 7.6.6.8 Amazon Fire OS versions 8.0.0 through 8.1.0.2 Description: The issue allows Fire TV applications to establish local ADB Android Debug Bridge connections. This is only possible after the non-defaul...

Heap overflow

In wolfSSL prior to 5.6.6, if callback functions are enabled via the WOLFSSLCALLBACKS flag, then a malicious TLS client or network attacker can trigger a buffer over-read on the heap of 5 bytes WOLFSSLCALLBACKS is only intended for debugging...

CVE-2023-6936 Heap-buffer over-read with WOLFSSL_CALLBACKS

In wolfSSL prior to 5.6.6, if callback functions are enabled via the WOLFSSLCALLBACKS flag, then a malicious TLS client or network attacker can trigger a buffer over-read on the heap of 5 bytes WOLFSSLCALLBACKS is only intended for debugging...

Exploit for Improper Access Control in Joomla Joomla\!

Joomla! options Arguments - url: Root URL base...

LaborOfficeFree 19.10 MySQL Root Password Calculator

Exploit Title: LaborOfficeFree 19.10 MySQL Root Password Calculator - CVE-2024-1346 Google Dork: N/A Date: 09/02/2023 Exploit Author: Peter Gabaldon - https://pgj11.com/ Vendor Homepage: https://www.laborofficefree.com/ Software Link: https://www.laborofficefree.com/plans Version: 19.10 Tested on...

vantage6 has insecure SSH configuration for node and server containers

Impact Nodes and servers get a ssh config by default that permits root login with password authentication. In a proper deployment, the SSH service is not exposed so there is no risk, but not all deployments are ideal. The default should therefore be less permissive. We will probably opt to...

DeviceFarmer STF Security Vulnerability

STF is an open source web application from Device Farmer for remotely debugging smartphones, smartwatches and other gadgets from the comfort of your browser. A security vulnerability exists in DeviceFarmer STF version v3.6.6, which stems from the use of a corrupted or risky encryption algorithm...

OTRS Log Information Disclosure Vulnerability

OTRS is an application from OTRS Germany. A service management software. A security vulnerability exists in OTRS that stems from the insertion of debugging information into a log file during the construction of a resilient search index allowing sensitive information to be read from it...

Fedora: Security Advisory for sos (FEDORA-2024-2fb8991c68)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 38 Update: sos-4.6.1-1.fc38

Sos is a set of tools that gathers information about system hardware and configuration. The information can then be used for diagnostic purposes and debugging. Sos is commonly used to help support technicians and developers...

[SECURITY] Fedora 39 Update: sos-4.6.1-1.fc39

Sos is a set of tools that gathers information about system hardware and configuration. The information can then be used for diagnostic purposes and debugging. Sos is commonly used to help support technicians and developers...

AMD EPYC Security Vulnerability

AMD EPYC is a line of x86 architecture server microprocessors from AMD Semiconductor, known in Chinese as "霄龙", which utilizes the Zen microarchitecture. A security vulnerability exists in AMD EPYC Generation 3 and 4 that allows a privileged attacker to prevent the delivery of debugging exception...