Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fixed the incorrect use of pciforeachdmaalias for non-PCI devices. Previously, the domaincontextclear function incorrectly called pciforeachdmaalias to set up context entries for non-PCI devices. This could lead to...

kernel: iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix incorrect pciforeachdmaalias for non-PCI devices Previously, the domaincontextclear function incorrectly called pciforeachdmaalias to set up context entries for non-PCI devices. This could lead to kernel hangs or...

SUSE CVE-2024-50101

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix incorrect pciforeachdmaalias for non-PCI devices Previously, the domaincontextclear function incorrectly called pciforeachdmaalias to set up context entries for non-PCI devices. This could lead to kernel hangs or...

AZL-52569 CVE-2024-50101 affecting package kernel for versions less than 5.15.173.1-1

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix incorrect pciforeachdmaalias for non-PCI devices Previously, the domaincontextclear function incorrectly called pciforeachdmaalias to set up context entries for non-PCI devices. This could lead to kernel hangs or...

AZL-52598 CVE-2024-50101 affecting package kernel for versions less than 6.6.64.2-1

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix incorrect pciforeachdmaalias for non-PCI devices Previously, the domaincontextclear function incorrectly called pciforeachdmaalias to set up context entries for non-PCI devices. This could lead to kernel hangs or...

DEBIAN-CVE-2024-50101

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix incorrect pciforeachdmaalias for non-PCI devices Previously, the domaincontextclear function incorrectly called pciforeachdmaalias to set up context entries for non-PCI devices. This could lead to kernel hangs or...

UBUNTU-CVE-2024-50101

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix incorrect pciforeachdmaalias for non-PCI devices Previously, the domaincontextclear function incorrectly called pciforeachdmaalias to set up context entries for non-PCI devices. This could lead to kernel hangs or...

CVE-2024-50101 iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix incorrect pciforeachdmaalias for non-PCI devices Previously, the domaincontextclear function incorrectly called pciforeachdmaalias to set up context entries for non-PCI devices. This could lead to kernel hangs or...

GHSA-M64Q-4JQH-F72F Stored Cross-site Scripting (XSS) in excalidraw's web embed component

Summary A stored XSS vulnerability in Excalidraw's web embeddable component. This allows arbitrary JavaScript to be run in the context of the domain where the editor is hosted. Poc Inserting an embed with the below url can be copy/pasted onto canvas to insert as embed will log 42 to the console:...

Stored Cross-site Scripting (XSS) in excalidraw's web embed component

Summary A stored XSS vulnerability in Excalidraw's web embeddable component. This allows arbitrary JavaScript to be run in the context of the domain where the editor is hosted. Poc Inserting an embed with the below url can be copy/pasted onto canvas to insert as embed will log 42 to the console:...

GHSA-8XV4-JJ4H-QWW6 Pimcore contains Unrestricted Upload of File with Dangerous Type

Impact The upload functionality for updating user profile does not properly validate the file content-type, allowing any authenticated user to bypass this security check by adding a valid signature p.e. GIF89 and sending any invalid content-type. This could allow an authenticated attacker to uplo...

NVidia Display Driver Service (Nsvr) Exploit

No description provided by source. / NVidia Display Driver Service Nsvr Exploit - Christmas 2012 - Bypass DEP + ASLR + /GS + CoE ============================================================= @peterwintrsmith Initial release 25/12/12 Update 25/12/12 - Target for 30 Aug 2012 nvvsvc.exe Build - than...

Nvidia Display Driver Service (Nsvr) - Local Buffer Overflow

Nvidia Display Driver Service Nsvr - Local Buffer Overflow / NVidia Display Driver Service Nsvr Exploit - Christmas 2012 - Bypass DEP + ASLR + /GS + CoE ============================================================= @peterwintrsmith Initial release 25/12/12 Update 25/12/12 - Target for 30 Aug 2012...

Nvidia Display Driver Service Attack Escalates Privileges on Windows Machines

There’s nothing like a zero-day to ruin the holiday break, but that’s just what may be in store for engineers at Nvidia after a researcher discovered a new vulnerability in the Nvidia Display Driver Service. The flaw could hand over administrator privileges on Windows machines to an attacker. Pet...

NVidia Display Driver Buffer Overflow

/ NVidia Display Driver Service Nsvr Exploit - Christmas 2012 - Bypass DEP + ASLR + /GS + CoE ============================================================= @peterwintrsmith Hey all! Here is an exploit for an interesting stack buffer overflow in the NVidia Display Driver Service. The service liste...

Android crossapplication scripting

Application can script in browser in any domain's context...

CVE-2005-2263

The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which causes the callback to be run in the context of t...