GSD-2021-1000053 dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails

dm rq: fix double free of blkmqtagset in dev remove after table load fails This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.3 by commit...

GSD-2021-1000131 dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails

dm rq: fix double free of blkmqtagset in dev remove after table load fails This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.36 by commit...

PHP 8.1.0-dev Backdoor Remote Command Execution Exploit (2)

PHP version 8.1.0-dev unauthenticated remote command execution proof of concept exploit that leverages the backdoor. !/usr/bin/env python3 Exploit Title: PHP 8.1.0-dev WebShell RCE Unauthenticated Exploit Author: Mayank Deshmukh Vendor Homepage: https://www.php.net/ Software Link:...

PHP 8.1.0-dev Backdoor Remote Command Execution

!/usr/bin/env python3 Exploit Title: PHP 8.1.0-dev WebShell RCE Unauthenticated Date: 2021-05-31 Exploit Author: Mayank Deshmukh Vendor Homepage: https://www.php.net/ Software Link: https://github.com/vulhub/vulhub/tree/master/php/8.1-backdoor Version: PHP 8.1.0-dev Tested on: Kali GNU/Linux 2020...

CVE-2019-14836

A vulnerability was found that the 3scale dev portal does not employ mechanisms for protection against login CSRF. An attacker could use this flaw to access unauthorized information or conduct further attacks...

CVE-2019-14836

A vulnerability was found that the 3scale dev portal does not employ mechanisms for protection against login CSRF. An attacker could use this flaw to access unauthorized information or conduct further attacks...

Design/Logic Flaw

A vulnerability was found that the 3scale dev portal does not employ mechanisms for protection against login CSRF. An attacker could use this flaw to access unauthorized information or conduct further attacks...

CVE-2019-14836

CVE-2019-14836 concerns Red Hat 3scale Dev Portal where login CSRF protection is absent. The connected documents consistently state the vulnerability stems from the login form not validating CSRF tokens, enabling an attacker to access unauthorized information or conduct further attacks. Affected ...

PT-2021-8982 · Red Hat · 3Scale Dev Portal

Name of the Vulnerable Software and Affected Versions: 3scale dev portal affected versions not specified Description: A flaw was discovered in the 3scale dev portal where it does not employ mechanisms for protection against login CSRF. This allows an attacker to access unauthorized information or...

PHP 8.1.0-dev Backdoor Remote Command Injection

Exploit Title: PHP 8.1.0-dev backdoor | Remote Command Injection Unauthenticated Date: 23/05/2021 Exploit Author: Richard Jones Vendor Homepage: https://www.php.net/ Software Link: https://github.com/vulhub/vulhub/tree/master/php/8.1-backdoor Version: PHP 8.1.0-dev Tested on: Linux Ubuntu 20.04.2...

PHP 8.1.0-dev Backdoor Remote Command Injection Exploit

Exploit Title: PHP 8.1.0-dev backdoor | Remote Command Injection Unauthenticated Exploit Author: Richard Jones Vendor Homepage: https://www.php.net/ Software Link: https://github.com/vulhub/vulhub/tree/master/php/8.1-backdoor Version: PHP 8.1.0-dev Tested on: Linux Ubuntu 20.04.2 LTS...

PT-2024-11220 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A memory leak vulnerability has been resolved in the Linux kernel. The issue occurs in the uss720 probe function, which forgets to decrease the refcount of usbdev. This is fixed by...

Bitbucket XSS, privilege escalation from "Project Creator" to "System admin" on project deletion

This vulnerability affects certain versions of Atlassian Dev Tools. Please describe the impact of the vulnerability here. No known vulnerability could be read off of the parent...

Bitbucket XSS, privilege escalation from "Project Creator" to "System admin" on project deletion

This vulnerability affects certain versions of Atlassian Dev Tools. Please describe the impact of the vulnerability here. No known vulnerability could be read off of the parent...

kernel: child process is able to access parent mm through hfi dev file handle

A flaw use after free in the Linux kernel infiniband hfi1 driver was found in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system...

ALSA-2021:1578 Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Integer overflow in IntelR Graphics Drivers CVE-2020-12362 kernel: memory leak in sofsetgetlargectrldata function in sound/soc/sof/ipc.c CVE-2019-18811 kernel: use-after-free caused by a...

@qbunnyteam/superlogin (>=0.0.3 <=0.0.4), @sensu/superlogin (>=1.2.2 <=1.2.6) +16 more potentially affected by CVE-2020-7673 via node-extend (=0.2.0)

node-extend NPM version =0.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on node-extend and may be impacted: - @qbunnyteam/superlogin =0.0.3, =1.2.2, =0.1.0, =0.1.0, =0.0.0, =0.2.0, =4.1.4, =1.1.0, =1.4.1 and more Source cves: CVE-2020-7673 Source...

Ubuntu 21.04 : Please vulnerabilities (USN-4955-1)

The remote Ubuntu 21.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4955-1 advisory. Matthias Gerstner discovered that Please contained multiple security issues. A local attacker could use these issues to cause Please to crash, resulting in a...

@jpinkney/plugin (>=0.0.1-1583345065 <=0.0.1-1583345396), @theia/debug (>=0.4.0-next.0a1bd791 <=0.4.0-next.fee81ec4) +8 more potentially affected by CVE-2021-28162 via @theia/messages (>=0.10.0-next.a2cdb337 <=0.9.0)

@theia/messages NPM version =0.10.0-next.a2cdb337, =0.0.1-1583345065, =0.4.0-next.0a1bd791, =0.4.0-next.0a1bd791, =0.3.4, =0.8.0, =0.3.19, =0.3.12, =0.13.0, =0.7.0-next.2011dfb2, =0.17.0-next.0d7566df, =0.17.0-next.f5433ece Source cves: CVE-2021-28162 Source advisory: OSV:GHSA-C94V-8FFF-73PH...

@aikosia/automaton (>=0.6.0 <=0.8.1), @aikosia/automaton-cli (>=0.2.1 <=0.3.5) +27 more potentially affected by CVE-2020-7718 via gammautils (>=0.0.2 <=0.0.81)

gammautils NPM version =0.0.2, =0.6.0, =0.2.1, =0.9.0, =0.1.5, =1.0.49, =9.0.0, =0.1.44, =0.1.22, =0.1.20, =1.0.1, =0.0.9, =0.0.7, =0.0.8 and more Source cves: CVE-2020-7718 Source advisory: OSV:GHSA-PGMG-GF5P-54J8...